week 14 homework web development

• Visit Our Blog about Russia to know more about Russian sights, history
• Check out our Russian cities and regions guides
• Follow us on Twitter and Facebook to better understand Russia
• Info about getting Russian visa , the main airports , how to rent an apartment
• Our Expert answers your questions about Russia, some tips about sending flowers

Russian regions

• Belgorod oblast
• Bryansk oblast
• Ivanovo oblast
• Kaluga oblast
• Kostroma oblast
• Kursk oblast
• Lipetsk oblast
• Moskovskaya oblast
• Orlovskaya oblast
• Ryazan oblast
• Smolensk oblast
• Tambov oblast
• Tula oblast
• Tver oblast
• Vladimir oblast
• Voronezh oblast
• Yaroslavl oblast
• Map of Russia
• All cities and regions
• Blog about Russia
• News from Russia
• How to get a visa
• Flights to Russia
• Russian hotels
• Renting apartments
• Russian currency
• FIFA World Cup 2018
• Submit an article
• Flowers to Russia
• Ask our Expert

Voronezh Oblast, Russia

The capital city of Voronezh oblast: Voronezh .

Voronezh Oblast - Overview

Voronezh Oblast is a federal subject of Russia, part of the Central Federal District. Voronezh is the capital city of the region.

The population of Voronezh Oblast is about 2,288,000 (2022), the area - 52,216 sq. km.

Voronezh oblast flag

Voronezh oblast coat of arms.

Voronezh oblast map, Russia

Voronezh oblast latest news and posts from our blog:.

9 September, 2015 / Kalacheevskaya Cave - the longest cave in Voronezh region .

10 May, 2010 / Voronezh oblast palace of the princess photos .

History of Voronezh Oblast

The first people began to settle in the territory of the present Voronezh region in the Paleolithic age, about 30 thousand years ago. In the Iron Age, this region became part of Scythia. Then the Sarmatians came to replace the Scythians. It is assumed that they gave the name to the Don River.

In the early Middle Ages, the Alans, the descendants of the Sarmatians, moved on to a settled way of life, mastered the skills of urban culture and entered into a complex symbiosis with nomads (the Bulgars and the Khazars). In the 7th century, the steppe part of the region became the territory of the Khazar Kaganate.

In the 9th-10th centuries, the Slavs began to settle in the north of the region. Central and southern areas were controlled by nomadic tribes. In the first half of the 13th century, during the Mongol invasion, the ancient Russian settlements were destroyed, and Voronezh land for several centuries turned into a so-called “wild field” crossed by the main Tatar roads - Nogai and Kalmius roads.

In the 15th century, several districts up to the Khopyor River, the Vorona River and the mouth of the Voronezh River were part of the Ryazan principality, but the Russian settlements here were few in number. Between the Russian territory and the Tatar nomads lay a vast, devastated by nomadic raids, neutral buffer land.

More historical facts…

In 1521, the Ryazan principality became part of the Moscow state, which opened the way for the beginning of the Russian colonization of these territories. The Cossacks began to form from the Christian population of the region that assimilated certain elements of the culture of nomads.

In 1585, in place of the Cossack village, Voronezh was founded as a fortress of the Moscow state on the border of the Wild Field. For more than 50 years Voronezh was the only town on the territory of the present Voronezh region. Up to the 17th century, the Tatar raids on the Voronezh land continued.

In 1696, by decision and with the personal participation of Peter I, a shipyard was built on Voronezh land for the construction of the first Russian fleet - the foothold for the development of the Black Sea region. From here the Azov campaigns of Peter I began. The centers of Russian colonization in the east of the region were the towns of Borisoglebsk (1698) and Novokhopersk (1716).

In 1711, (after the loss of Azov), Voronezh became a provincial town, the administrative center of the Azov gubernia (province). In the 18th century, the development of the entire territory of the region began. In 1725, the province received the name of Voronezh.

Voronezh Governorate became one of the main bread baskets of the Russian Empire. In the 1860-1870s, railways passed through the territory of the region and connected Central Russia with South Ukraine, the North Caucasus and the Trans-Volga. The region’s economy remained largely agrarian.

In 1934, Voronezh Oblast was established. In 1937, Tambov Oblast was singled out of the Voronezh region. During the Second World War, it became the scene of fierce battles. The city of Voronezh was almost completely destroyed. In 1954, large western and northern territories were transferred to Belgorod and Lipetsk oblasts. In 1957, the boundaries of Voronezh Oblast took the current form.

In the mid-1960s, the Novovoronezh nuclear power plant was built, the Stavropol-Moscow gas pipeline passed through the territory of the region. Voronezh became a major center of the country’s military-industrial complex. In 1972, the Voronezh reservoir was created.

Nature of Voronezh Oblast

Birches in the middle of the field in the Voronezh region

Author: Stepygin Evgeny

Golden autumn in Voronezh Oblast

Author: Constantin Silkin

Cows in the Voronezh region

Author: Galina Linn

Voronezh Oblast - Features

Voronezh Oblast is located in the south-west of the European part of Russia. The length of the region from north to south is 277.5 km, from west to east - 352 km. In the south it borders on the Lugansk region of Ukraine.

The climate is moderately continental. The average temperature in January is minus 10 degrees Celsius, in July - plus 20 degrees Celsius.

The largest cities and towns of Voronezh Oblast are Voronezh (1,048,700), Rossosh (61,800), Borisoglebsk (57,200), Liski (52,000).

The most important resource of Voronezh Oblast is its fertile black soil rich in humus (chernozem), which occupy most of the territory. The largest rivers are the Don, Voronezh, Khopyor, Bityug.

Voronezh Oblast has rich deposits of non-metallic raw materials, mainly building materials (sands, clays, chalk, granites, cement raw materials, ocher, limestone, sandstone). Also there are deposits of phosphorites, nickel, copper, and platinum.

The local economy is an industrial-agrarian one. The main industries are mechanical engineering, electric power industry, chemical industry, and processing of agricultural products. This region is a major supplier of agricultural products: wheat, sugar beet, sunflower, potatoes, and vegetables. There is a nuclear power plant on the territory of Voronezh oblast - Novovoronezh Nuclear Power Plant.

Two federal highways pass through the territory of the Voronezh region: E 115 - M4 “Moscow-Novorossiysk” and E 119 - M6 “Moscow-Astrakhan”.

Attractions of Voronezh Oblast

Voronezh Oblast has a significant recreational and tourist potential. There are 7 historical towns in the region (Bobrov, Boguchar, Borisoglebsk, Voronezh, Novokhopersk, Ostrogozhsk, Pavlovsk), about 2,700 historical and cultural monuments, 20 museums and 3 reserves.

Pine forests and oak groves in the valley of the Voronezh River are known for their favorable effect on human health. There are a lot of summer and winter tourist bases and sanatoriums.

The main sights of the Voronezh region:

• Natural Architectural-Archaeological Museum-Reserve Divnogorye in Liskinsky district - one of the most popular and recognizable sights of the Voronezh region. One of the main attractions is a church built by monks inside a chalk cliff;
• Archeological Museum-Reserve “Kostyonki” in the village of Kostyonki in the Khokholsky district;
• Museum-Estate of D. V. Venevitinov in the village of Novozhivotinoye in Ramonsky district - a complex of residential and park buildings that belonged to the old Russian noble family in the second half of the 17th - early 20th centuries;
• Castle of the Princess of Oldenburg in Ramon - a picturesque manor house built in the style of brick neo-Gothic in the late 19th century;
• Voronezh Biosphere Reserve with the world’s only experimental beaver cattery;
• “Village of the 17th-19th centuries” - a museum in the open air in the town of Ertil;
• Khrenovskaya and Chesma stud farms;
• Museums and memorial places in Voronezh.

Voronezh oblast of Russia photos

Churches in the voronezh region.

Country life in Voronezh Oblast

Church in the Voronezh region

Author: Lantsov Dmitriy

Orthodox cathedral in Voronezh Oblast

Author: Feliks Radev

Voronezh Oblast scenery

Lonely locomotive in the Voronezh region

Author: Gribanov D.

• Currently 2.92/5

Rating: 2.9 /5 (245 votes cast)

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

• Notifications You must be signed in to change notification settings

Unit_14_homework_Solved.md

Latest commit, file metadata and controls, week 14 homework: web development, http requests and responses.

Answer the following questions about the HTTP request and response process.

What type of architecture does the HTTP request and response process occur in?

• Client-Sever Architecture -HTTP is an application layer: Layer 7 on the OSI model

What are the different parts of an HTTP request? - Request line - Header fields - Request body

Which part of an HTTP request is optional?

• Request Body

What are the three parts of an HTTP response? - Status line - Header fields - Response body

Which number class of status codes represents errors?

• 400 codes indicates client error, meaning the client sent a improperly formatted request
• 500 codes indicates server error, meaning the server application failed

What are the two most common request methods that a security professional will encounter?

• HTTP Method: GET - requests ask for data from a server to retrieve data. POST- requests send data to a specified resource

Which type of HTTP request method is used for sending data?

• POST is used to send data

Which part of an HTTP request contains the data being sent to the server?

• POST- sends data to a source, often changing or updating a server

In which part of an HTTP response does the browser receive the web code to generate and style a web page?

• The response body contains the source code of the resource requested in the GET request

Answer the following questions about curl :

What are the advantages of using curl over the browser?

• SSL connections
• Proxy support
• FTP uploads

Which curl option is used to change the request method?

• change the method into something else by using curl -X or --request followed by the actual method name

Which curl option is used to set request headers?

• curl -H or --header

Which curl option is used to view the response header?

• curl -i or --include (include protocol headers in the output)
• curl -I or --head (show document info only)

Which request method might an attacker use to figure out which HTTP requests an HTTP server will accept? - GET request - the attacker could request data from a server to figure out which HTTP requests that an HTTP server will accept.

Sessions and Cookies

Recall that HTTP servers need to be able to recognize clients from one another. They do this through sessions and cookies.

Answer the following questions about sessions and cookies:

Which response header sends a cookie to the client?

• The set-cookie sends the cookie to the client, cart=Bob

Which request header will continue the client's session?

• Cookie: cart=Bob
• When Bob revisits the webpage, his browser sends the cookie back through the request header.

Example HTTP Requests and Responses

Look through the following example HTTP request and response and answer the following questions:

HTTP Request

What is the request method?

• POST /login.php HTTP/1.1

Which header expresses the client's preference for an encrypted response?

• Upgrade-Insecure-Requests: 1

Does the request have a user session associated with it?

• No the Session is not restablished yet

What kind of data is being sent from this request body?

• username=Barbara&password=password

HTTP Response

What is the response status code?

What web server is handling this HTTP response?

Does this response have a user session associated to it?

• yes, Set-Cookie: SessionID=5

What kind of content is likely to be in the [page content] response body?

• Content-Type: text/html

If your class covered security headers, what security request headers have been included?

Monoliths and Microservices

Answer the following questions about monoliths and microservices:

What are the individual components of microservices called?

• Identity Providers
• API Gateway
• Messaging Formats
• Static Content
• Service Discovery

What is a service that writes to a database and communicates to other services?

• The API Gateway is responsible for request routing, composition, and protocol translation.

What type of underlying technology allows for microservices to become scalable and have redundancy?

• Cointainers allow microservices to be scalable and redundant, along with Load Balancer

Deploying and Testing a Container Set

Answer the following questions about multi-container deployment:

What tool can be used to deploy multiple containers at once?

What kind of file format is required for us to deploy a container set?

Which type of SQL query would we use to see all of the information within a table called customers ?

• The SELECT statement in SQL is used to fetch the records from the table.

Which type of SQL query would we use to enter new data into a table? (You don't need a full query, just the first part of the statement.)

• The INSERT statement is used to insert single or multiple records into a table.

Why would we never run DELETE FROM <table-name>; by itself?

• The DELETE statement is used to delete existing records in a table. Be careful when deleting records in a table! Notice the WHERE clause in the DELETE statement. The WHERE clause specifies which record(s) should be deleted. If you omit the WHERE clause, all records in the table will be deleted - ex: DELETE FROM table_name WHERE condition

Bonus Challenge Overview: The Cookie Jar

For this challenge, you'll once again be using curl , but this time to manage and swap sessions.

⚠️ Heads Up : You'll need to have WordPress set up from the Swapping Sessions activity from Day 1 of this unit. If you have not done it or it is improperly set up, please refer to the Day 1 student guide and the Swapping Sessions activity file.

If you recall, on Day 1 of this unit you used Google Chrome's Cookie-Editor extension to swap sessions and cookies. For this homework challenge, we'll be using the command-line tool curl to practice swapping cookie and sessions within the WordPress app.

It is important for cybersecurity professionals to know how to manage cookies with curl :

Web application security engineers need to regularly ensure cookies are both functional and safe from tampering.

• For example, you might need to request a cookie from a webpage and then test various HTTP responses using that cookie. Doing this over and over through the browser is tedious, but can be automated with scripts.

The same concept applies for penetration testers and hackers: curl is used to quickly save a cookie in order to test various exploits.

• For example, an HTTP server may be configured so that, in order to POST data to specific pages, clients need to have cookies or authentication information set in their request headers, which the server will verify.

Revisiting curl

Recall that you used curl to craft different kinds of requests for your curl activity, and that you saw how to use the Chrome extension Cookie-Editor to export and import cookies and swap sessions.

There will be many systems in which you will need to test requests and cookies that will not connect to a browser or browser extension.

curl not only allows users to look through headers, send data, and authenticate to servers, but also to save and send cookies through two curl options: --cookie-jar and --cookie .

These two options work exactly like Cookie-Editor, but on the command line.

--cookie-jar allows a curl user to save the cookies set within a response header into a text file.

--cookie allows a user to specify a text file where a cookie is saved, in order to send a request with the cookies embedded in the request header.

Let's look at how we can create a curl command that will log into a web page with a supplied username and password, and also save the server's response that should contain a cookie.

Logging In and Saving Cookies with Curl

If we want to use the curl command to log into an account, Amanda , with the password password , we use the following curl options:

curl --cookie-jar ./amandacookies.txt --form "log=Amanda" --form "pwd=password" http://localhost:8080/wp-login.php --verbose

curl : The tool that we are using.

--cookie-jar : Specifies where we will save the cookies.

./amandacookies.txt : Location and file where the cookies will be saved.

--form : Lets us pick the login username and password forms that we set in our user info earlier. In this case it's our username.

log=Amanda : How WordPress understands and accepts usernames.

--form : Lets us pick the login username and password forms that we set in our user info earlier. In this case it's our password.

pwd=password : How WordPress understands and accepts passwords.

http://localhost:8080/wp-login.php : Our WordPress login page.

--verbose : Outputs more specific description about the actions the command is taking.

Run the command: curl --cookie-jar ./amandacookies.txt --form "log=Amanda" --form "pwd=password" http://localhost:8080/wp-login.php --verbose

If the site confirms our credentials, it will give us a cookie in return, which curl will save in the cookie jar file ./amandacookies.txt .

Now let's look at how to use that saved cookie on a page that requires us to be logged in.

Using a Saved Cookie

To use a saved cookie, we use the following curl syntax:

--cookie : Precedes the location of our saved cookie that we want to use.

./amandacookies.txt : Location and file where the cookies are saved.

http://localhost:8080/wp-admin/users.php : A page that requires authentication to see properly. Note that we are not going to the login page, because supplying a cookie in this instance assumes that we are already logged in.

Now that we know how to use the curl cookie jar, let's look at what we need to do for this challenge.

Bonus Challenge Instructions: The Cookie Jar

First, using Docker Compose, navigate to the Day 1 WordPress activity directory and bring up the container set:

• /home/sysadmin/Documents/docker_files

Using curl , you will do the following for the Ryan user:

Log into WordPress and save the user's cookies to a cookie jar.

Test a WordPress page by using a cookie from the cookie jar.

Pipe the output from the cookie with grep to check for authenticated page access.

Attempt to access a privileged WordPress admin page.

Step 1: Set Up

Create two new users: Amanda and Ryan.

Navigate to localhost:8080/wp-admin/

On the left-hand toolbar, hover over Users and click Add New .

Enter the following information to create the new user named Amanda.

• Username: Amanda
• Email: [email protected]

Skip down to password:

• Password: password
• Confirm Password: Check the box to confirm use of weak password.
• Role: Administrator

Create another user named Ryan.

• Username: Ryan
• Email: [email protected]
• Password: 123456
• Role: Editor

Log out and log in with the following credentials:

Step 2: Baselining

For these "baselining" steps, you'll want to log into two different types of accounts to see how the WordPress site looks at the localhost:8080/wp-admin/users.php page. We want to see how the Users page looks from the perspective of an administrator, vs. a regular user.

• Using your browser, log into your WordPress site as your sysadmin account and navigate to localhost:8080/wp-admin/users.php , where we previously created the user Ryan. Examine this page briefly. Log out.

• Using your browser, log into your Ryan account and attempt to navigate to localhost:8080/wp-admin/index.php . Note the wording on your Dashboard.

• Attempt to navigate to localhost:8080/wp-admin/users.php . Note what you see now.

Log out in the browser.

Step 3: Using Forms and a Cookie Jar

Navigate to ~/Documents in a terminal to save your cookies.

Construct a curl request that enters two forms: "log={username}" and "pwd={password}" and goes to http://localhost:8080/wp-login.php . Enter Ryan's credentials where there are placeholders.

• curl --form "log=Ryan" --form "pwd=123456" http://localhost:8080/wp-login.php --verbose

Construct the same curl request, but this time add the option and path to save your cookie: --cookie-jar ./ryancookies.txt . This option tells curl to save the cookies to the ryancookies.txt text file.

Read the contents of the ryancookies.txt file.

curl --cookie-jar ./ryancookies.txt --form "log=Ryan" --form "pwd=123456" http://localhost:8080/wp-login.php --verbose

curl --cookie ./ryancookies.txt http://localhost:8080/wp-admin/users.php - to save file

• Question: How many items exist in this file? - There are 3

Note that each one of these is a cookie that was granted to Ryan after logging in.

Step 4: Log in Using Cookies

Craft a new curl command that now uses the --cookie option, followed by the path to your cookies file. For the URL, use http://localhost:8080/wp-admin/index.php .

• Question: Is it obvious that we can access the Dashboard? (Y/N)

Press the up arrow on your keyboard to run the same command, but this time, pipe | grep Dashboard to the end of your command to return all instances of the word Dashboard on the page.

• Question: Look through the output where Dashboard is highlighted. Does any of the wording on this page seem familiar? (Y/N) If so, you should be successfully logged in to your Editor's dashboard.

Step 5: Test the Users.php Page

• Finally, write a curl command using the same --cookie ryancookies.txt option, but attempt to access http://localhost:8080/wp-admin/users.php .

curl -L --cookie ryancookie.txt http://localhost:8080/wp-admin/index.php

Submission Guidelines

• Save the file where you documented your solutions and submit it as your homework deliverable.

© 2020 Trilogy Education Services, a 2U, Inc. brand. All Rights Reserved.